Results 1 to 14 of 14
  1. try0625's Avatar
    Posts
    57 Posts
    Global Posts
    59 Global Posts
       #1  
    When the computer connects to the pre, it does not require a password. This means that all nearby computers can connect to the pre. Is there a solution to set a password so that other computers cannot connect? Thanks.
  2. #2  
    You need to enter a Key right below where you name the network. Then all PC's will need to know the key to connect.
  3. #3  
    I think the only way to secure it via username and password is if you donate and get version 2.0.1 I believe. you also get other features like the ability to shut the screen off without the Pre going to sleep which would shut off wifi.
  4. Tubal's Avatar
    Posts
    164 Posts
    Global Posts
    167 Global Posts
    #4  
    Yup. There's a reason there's a free version and a pay version.
  5. #5  
    Quote Originally Posted by Tubal View Post
    Yup. There's a reason there's a free version and a pay version.
    One might question the ethics of not updating a free application with a security issue like this, when the security features have been already coded for the paid version ... putting the financial returns for an individual above the security of the Pre community.

    -- Rod
    Last edited by rwhitby; 09/23/2009 at 08:35 PM. Reason: Removed unintended implications.
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  6. Xyg
    Xyg is offline
    Xyg's Avatar
    Posts
    1,104 Posts
    Global Posts
    1,113 Global Posts
    #6  
    Quote Originally Posted by rwhitby View Post
    One might question the ethics of knowingly releasing a free application with a security issue like this, simply to drive the sales of a paid version ... putting the financial returns for an individual above the security of the Pre community.

    -- Rod
    Which brings up the questions about "donate-ware" in general....
  7. percyg77's Avatar
    Posts
    50 Posts
    Global Posts
    63 Global Posts
    #7  
    I waste way more than $10 in a day. I'll probably donate after 1.2.1 is released and the dev can assure it'll work with the new patch.
  8. #8  
    Quote Originally Posted by rwhitby View Post
    One might question the ethics of knowingly releasing a free application with a security issue like this, simply to drive the sales of a paid version ... putting the financial returns for an individual above the security of the Pre community.

    -- Rod
    One might, but it's best done with all the facts. The developer of the app in question tried for some time to keep the existence of the donators only app a secret. He did that because he specifically wanted to be sure that the donations he received were donations and not fees. The other version was a gift to the donators. Of course the donators couldn't keep their big mouths shut, so it's no longer a secret and now it no longer appears to be a gift.

    As for security, well, just because someone is sharing your internet connection doesn't mean they have access to your device. If you're not in developer mode, then it's difficult to hack in, though I'm sure there are some who can. But you're generally not in the same place for very long when you're using this, so it's not that huge a risk. Far and away the bigger risk is the impact on your own speed from someone else using your connection. And that is a concern in a public place. But you could also use USB or bluetooth, both of which have more security. So there are some options. I would hardly call this a huge security hole to drive sales.
  9. Tubal's Avatar
    Posts
    164 Posts
    Global Posts
    167 Global Posts
    #9  
    Quote Originally Posted by rwhitby View Post
    One might question the ethics of knowingly releasing a free application with a security issue like this, simply to drive the sales of a paid version ... putting the financial returns for an individual above the security of the Pre community.

    -- Rod

    One also might question the ethics of a person who would knowingly "hack" his pre in order to tether to his computer, when it's crystal clear that the service provider doesn't want you doing this.

    Pot meet kettle.

    the way I look at it, it's homebrew, not sanctioned by palm or sprint, and it's free. I use it at my own risk.
  10. #10  
    BTW, I didn't mean to imply that the MyTether author intentionally put less security in the free version. I know the history of the application and have edited the original post to remove that unintended implication.

    What I question is the ethics of someone who already has the code to fix the security of an app, but withholds that code from the free version of the app.

    If security is the only reason for someone to buy the paid version of the app, then that's an ethical dilemma. If there are many other reasons to buy the paid version of the app, then one questions why the security is not fixed in the free version?

    Securing data transfers across wifi is expected normal practice these days. Do you really want all the non-https traffic going between your computer and your Pre when you are tethering being visible in the clear to anyone nearby who is capturing the wifi traffic?

    If the security of the free version is not an issue, then why is it different in the paid version?

    I fully support authors releasing free versions and paid versions of applications with different feature sets. I don't support security of the Pre being one of the features which is left out of the free version. That just does harm to the community and the reputation of the webOS platform that we all want to succeed.

    There are too many authors who are not taking the security of homebrew applications seriously, and this will become a problem for the community if it is not fixed.

    -- Rod
    Last edited by rwhitby; 09/23/2009 at 08:36 PM.
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  11. #11  
    Quote Originally Posted by Tubal View Post
    One also might question the ethics of a person who would knowingly "hack" his pre in order to tether to his computer, when it's crystal clear that the service provider doesn't want you doing this.
    Fully agree. I live in Australia where GSM carriers love tethering because there are no unlimited data plans, so tethering just increases their revenue.

    the way I look at it, it's homebrew, not sanctioned by palm or sprint, and it's free. I use it at my own risk.
    You as an individual are free to make that choice. I think that serious homebrew authors should be held to a higher standard so that they don't damage the reputation of the community of which they are a member.

    Do you really want the security of the Pre to be diminished to the point where people talk about it in the same way they talk about security on Windows?

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  12. #12  
    Quote Originally Posted by jbg7474 View Post
    One might, but it's best done with all the facts. The developer of the app in question tried for some time to keep the existence of the donators only app a secret. He did that because he specifically wanted to be sure that the donations he received were donations and not fees. The other version was a gift to the donators. Of course the donators couldn't keep their big mouths shut, so it's no longer a secret and now it no longer appears to be a gift.
    Yes I know about that history. My point is that security is not a feature which should have only been added to the paid version of the app.

    As for security, well, just because someone is sharing your internet connection doesn't mean they have access to your device. If you're not in developer mode, then it's difficult to hack in, though I'm sure there are some who can.
    The concern is not about being able to hack into the Pre - the Linux underlying security will normally prevent that (assuming other security-ignorant homebrew authors don't start opening holes in the firewall for things like telnet). The concern is being able to snoop any unencrypted traffic on the wifi link between the PC and the Pre. The user of the free app will not be cognisant of the fact that their unencrypted traffic is visible to anyone running a wifi snooping program in the nearby area (e.g. at the next table in the coffee shop).

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals
  13. dwhall's Avatar
    Posts
    73 Posts
    Global Posts
    107 Global Posts
    #13  
    Regardless of the morality behind using an application, I refuse to believe that anyone
    would knowingly withhold a security fix for any piece of software, Free or not. If the
    developer of this application really does this, it is one developer I would not trust.
  14. #14  
    Quote Originally Posted by dwhall View Post
    Regardless of the morality behind using an application, I refuse to believe that anyone
    would knowingly withhold a security fix for any piece of software, Free or not. If the
    developer of this application really does this, it is one developer I would not trust.
    Different people have different opinions on the security aspects. And it's a case of adding code that is already written for the paid version into the free version. That takes time (but not an excessive amount of time).

    The developer may have judged that the time it takes is not commensurate with his opinion of the security issue. It's his right to make those decisions for his app - I personally don't agree with such a decision, but that's just my personal opinion.

    -- Rod
    WebOS Internals and Preware Founder and Developer
    You may wish to donate by Paypal to donations @ webos-internals.org if you find our work useful.
    All donations go back into development.
    www.webos-internals.org twitter.com/webosinternals facebook.com/webosinternals

Posting Permissions